On Thu, 05 Nov 2015 23:08:07 +0100, Alexander Bluhm wrote:
> Hi,
>
> I had sendmail crashes because of invalid pointers in _res.dnsrch.
> I have 4 nameservers in /etc/resolv.conf, the last one is IPv6.
>
> /usr/include/resolv.h:
> #define MAXNS 3 /* max # name servers we'll track */
> struct __res_state {
> ...
> struct sockaddr_in
> nsaddr_list[MAXNS]; /* address of name server */
> unsigned short id; /* current message id */
> char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */
>
> After calling res_init(3), _res.dnsrch contained part of the IPv6
> nameserver address as pointer. The reason is a missing overflow
> check when filling _res.nsaddr_list.
>
> The sendmail crashes started when I updated and recomiled my libc
> today. I have no idea, why this bug did not appear before.
For anyone wondering, this only affects programs (like sendmail)
that use the bind resolver internals directly. OK millert@
- todd
